Consider validating project-specific gradle-wrapper.jar #15

Open
vlsi opened this issue Feb 7, 2021 · 0 comments
Labels
enhancement New feature or request

vlsi commented Feb 7, 2021

Describe the bug

As far as I understand, gw uses project-specific wrapper.jar which might result in security issues.

To Reproduce
Steps to reproduce the behavior:
1) git clone https://github.com/apache/jmeter.git; cd jmeter
2) gw jar <-- I guess here gng would use project-provided wrapper jar which might result in security issues

Expected behavior

gw should perform wrapper validation before it executes the jar.
For instance, gw might have a set of golden checksums or something like that.
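
The golden-checksum check proposed in the issue above, as an added example that is not part of the original issue and is not gng's own code. The function names, the `golden.sha256` file and its one-digest-per-line format are assumptions, and the sample "jar" is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not gng's code. Paths and allowlist format are assumptions.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# verify_wrapper JAR ALLOWLIST: succeed only if JAR's digest is the first
# field of some line in ALLOWLIST. A missing file or short digest fails closed.
verify_wrapper() {
    [ -f "$1" ] || return 2
    [ -r "$2" ] || return 3
    digest=$(sha256_of "$1") || return 4
    [ "${#digest}" -eq 64 ] || return 4
    awk -v d="$digest" '$1 == d { ok = 1 } END { exit !ok }' "$2"
}

# launch_wrapper JAR ALLOWLIST CMD...: run CMD only after JAR verifies.
launch_wrapper() {
    if ! verify_wrapper "$1" "$2"; then
        echo "refusing to run unverified wrapper: $1" >&2
        return 1
    fi
    shift 2
    "$@"
}

# Constructed sample: a stand-in "jar", an allowlist that trusts it, and a
# modified copy. Prints the directory holding them.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'constructed wrapper bytes\n' > "$dir/gradle-wrapper.jar"
    printf '%s  sample-wrapper (constructed)\n' \
        "$(sha256_of "$dir/gradle-wrapper.jar")" > "$dir/golden.sha256"
    printf 'constructed wrapper bytes + extra\n' > "$dir/tampered.jar"
    echo "$dir"
}

if [ "${1:-}" = "demo" ]; then
    d=$(make_sample)
    launch_wrapper "$d/gradle-wrapper.jar" "$d/golden.sha256" echo "verified: would start Gradle"
    launch_wrapper "$d/tampered.jar" "$d/golden.sha256" echo "never printed" || true
    rm -rf "$d"
fi
```

The allowlist has to live outside the cloned repository (for example, shipped with the launcher), since a checksum file committed next to the jar is controlled by the same party as the jar.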
